Blackberry Eyes Up Car Anti-Virus Market

[Reuters] reports that BlackBerry is working with at least two car manufacturers to develop a remote malware scanner for vehicles, On finding something wrong the program would then tell drivers to pull over if they were in critical danger.

The service would be able to install over-the-air patches to idle cars and is in testing phase by Aston Martin and Range Rover. The service could be active as early as next year, making BlackBerry around $10 a month per vehicle.

Since the demise of BlackBerry in the mobile phone sector, they’ve been hard at work refocusing their attention on new emerging markets. Cars are already rolling computers, and now they’re becoming more and more networked with Bluetooth and Internet connections. This obviously leaves cars open to new types of attacks as demonstrated by [Charlie Miller] and [Chris Valasek]’s hack that uncovered vulnerabilities in Jeeps and led to a U.S. recall of 1.4 million cars.

BlackBerry seem to be hedging their bets on becoming the Kingpin of vehicle anti-virus. But do our cars really belong on the Internet in the first place?

This is a *bit* strong. The whole idea of OnStar being able to access your location, for instance, makes some sense, and the idea of an onboard entertainment system having WiFi to stream music also makes sense. That’s the argument that car manufacturers would make.

The correct response to that, obviously, is that *those things shouldn’t be part of the car* – that is, they shouldn’t have access to anything that controls the operation of the car itself.

However, you could even come up with cases where you might want to connect the car to the Internet – for instance, to allow the ECU to report statistics to allow owners to have performance and maintenance data centralized. Imagine the ECU, monitoring fuel/battery levels, and the overall system giving you information about what refueling/recharging systems are within range. But even in *that* situation, you just properly insulate it: you make the communication one-directional. Have the ECU talk over a UART to the system that *does* have network access. Now there’s no attack vector to get access to mechanicals.

Honestly, I really don’t get it. The engineering here to eliminate any possible attack vector is really easy, but in general it seems as if auto manufacturers just don’t care to do any of it.

That sort of information has been available for quite some time via the OBDII port. You can even buy little plugs with bluetooth connectivity that only read from the OBDII port and then send the data to your phone or other mobile device. The only reason why any of this is even an issue is because for some fucked up unknown reason car manufacturers want the ability to send commands to their cars over the internet. I’m sure they can come up with all sorts of extreme and rare instances where that could be useful but does any of that really offset the newly introduced danger to the consumer?

In the attached article there is this line by a banking analyst:
{“Although a connected, more software-centric automobile offers tremendous advantages to consumers, it also opens the doors to hackers,” Papageorgiou wrote in his note.}
which kind of sums up public perception.
Most people care about how the car looks, and what amazing infotainment features it has. This is what get advertised by the manufacturer. Also these connectivity features allow the manufacturers to sell subscription models on ‘features’ and gather more information from every vehicle at will.
At the end of the day the car companies know they can make more money by adding more bells and whistles than they can by making the systems more secure and less feature rich.

Until more people are dying because of the security holes, I kinda doubt there’s going to be much change on this. Why be scared of a car computer hacker when you can be watching an NCIS episode about car hacking while driving?

Honestly, this article is pretty nauseating. The price of not dying because of a car virus (lmao) should be rolled into the original price of the vehicle. Just like how seatbelts don’t cost extra.

A lot of potential exploits could be eliminated by a hardware change of making communications between the PCM and Internet connected parts of the car one way.
Instead of linking them by CAN bus link them by an old fashion serial interface that is one way.

A one-way old fashioned serial interface would have no way to signal a re-transmit because of a parity error. Bits are flowing in both directions, and that opens the door to vulnerabilities. You *could* program your “sender” to not accept commands, but such things have been exploited before. Of course, it’s all much more complex than that, but if people are going to accept over-the-air firmware updates as a selling point, then they should insist on tougher security.

Definitely keep the infotainment systems physically separate from the engine/transmission control systems.

Aipgap firewalls between connect and mission critical systems and if you do need the PCM to send data to the infotainment unit use a RS232/488 a serial connection and a firewall uC or even make the serial connection one way where the infotainment unit cannot send any data back to the PCM.
That way even if the infotainment center is totally compromised it can’t do any harm to the rest of the car.

I agree with you, we have properly set up network separation in several industrial automation devices but automotive companies have shown an unwilling to pay for it, pay for proper auditing, deal with dealership firmware updates (and ditch OTA) and to even properly close ports on many vehicles … Personally I think we can do without, I don’t need to be able to lock my car or see my tire pressure while a country away from it and hot spots in cars are uselessly overpriced

Yuuuup. How long until it’s like Symantec or Microsoft Defender, where the vulnerability is introduced by the antivirus product? Over the air updates, herp derp that won’t became an exploit vector, noooo…

How about we just airgap (not necessarily 100% literally) users from the critical parts of the car? You want to connect phones to play music, fine, that should be separate hardware though. What should control the car? Pedals. Wheels. Switches. Maybe the autopilot system. What should control the autopilot system? Messages from a separate system that provides the UI, that ONLY do the things authorized by the UI. This system should not have other devices connected to it.

Manufacturers need to start taking responsibility for the security of their systems, and offer bounties so third parties will report flaws. The extra cost will be a lot less than the PR loss from cars plowing into walls. Car antivirus is *insanity* – if you can find a virus, you can find how it works and correct the flaw, rather than duct-tape it with virus removal. Ugh!

But no I’m sure us armchair security professionals know nothing and the money people ‘know a lot about hacking’… oh dear. Now I get it. Once they pay another company for ‘antivirus’, the security problems stop being the manufacturer’s problem.

“Car antivirus is *insanity* – if you can find a virus, you can find how it works and correct the flaw, rather than duct-tape it with virus removal. Ugh!”

Not just that, antivirus systems, as you said, may introduce attack vectors where no such vector would be without the antivirus (PDF scanning antivir on a system without a PDF reader, to name an example). And they do not offer 100% security. Not even the fancy bullshit-bingo ones (“cloud based software behavior analysis and prediction”). Not a single antivirus solution was capable of detecting wannacry, even though the bug was known and a patch was available. Some solutions even went as far as blocking the killswitch URL from being accessed, like Sophos, Kaspersky, Fortinet and Cisco Ironport.

Finally, an actual use for the message “a fatal error has occurred” with any luck this would happen before the fatal aspect.
one more thought, does this software require a constant connection?
If so it explains why city car manufacturers would want it.

I’m with you on this one, Somethings are great to connect online other things like cars etc are insane, Just wait till your self driving car gives you half an hour before driving into a wall unless you pay up with some bitcoins.

Now this makes sense:
“I saw this in a movie about a bus that had to SPEED around a city, keeping its SPEED over fifty, and if its SPEED dropped, it would explode! I think it was called, ‘The Bus That Couldn’t Slow Down.'” Homer Simpson

So years and years ago there was a TV show about some type of electronic device in a car (strange name) that would activate and cause the vehicle to take control and do whatever. A co-worker saw this show and was telling us about it. We thought he was nuts. Then, they did a rerun on it and I saw it. Then, everyone thought I was nuts. Even though the details are hazy in my mind, I do recall the show being fake but they were presenting it like it was real, or at least the very small portion I saw ( I did not watch it all). It was similar to that “mermaids are real” crap they had a few years back. Anyway, we were discussing this at lunch and I predicted that at some point in time automobiles and appliances would all be connected in some way via a network and would be susceptible to some sort of hacking and that your car, house and frig would also need some typed of antivirus. the idea was not far fetched, back then it was Norton or McAfee. Microsoft was really pushing Windows CE. That got a few strange looks, comments and laughs, especially from our @ss of an IT manager.
Nice to know I’m not crazy!(?)
This entire thing has a feel of a group of people dressed in tuxedos standing around a fire, trying not to smell like smoke, which I’ve also seen…..
Again, I’m not crazy!(?)

I have no problem with drive-by-wire, just as flying in a fly-by-wire plane (nowadays everything made by Boeing or Airbus). In fact if I had the choice, I’d probably opt for the wires (if it featured force feedback), as they allow significant advances in terms of driving experience and both passive and active safety.

I do, however, have a very big problem with said wires being connected to the friggin’ internet, they have no place there…

Any system that is mechanical is less prone to failure than electrical or software based control system.

Take for example, a sliding door from a van. If the door is electricly operated, there has to be a button, wires, a power supply, motors, gears, etc. If the door were mechanical, much less can go wrong with a lock and some rollers. It still could break, but it would be quicker to repair and cheaper to manufacture. Remember Murphy’s law.

Yah I’d still want a physical connection between the steering wheel and wheels and the brake pedal and master cylinder as I lost power steer while driving once.
The reason airliners can get away with flyby wire is they have triple redundancy and if any unit fails the aircraft is grounded until it’s fixed.
Most GA planes and small jets are not flyby wire as that level of redundancy traditionally would be too expensive and heavy.
It might be possible to do it now without going over the weight limits but the cost would likely still be a large factor in a small GA aircraft.

To say it plain and clear: You’re not smarter than all of the engineers who work for automotive companies designing such safety critical systems. Quit thinking that you are. Quit thinking that you just found a big issue that _no one before you_ has thought about. Quit fear-mongering.

I work in automotive. I’m “just” the network guy, but I’ve seen enough to say that automotive engineers will think of and exhaustively test every possible issue.

@notarealemail: Why would a vehicle not run without a battery? The alternator is providing enough current to power everything _and_ charge the battery. And electronics will even detect that and light the little battery icon light in your dash.

I found a lot of sites claiming that some electronics might die with a disconnected battery due to voltage spikes. Or the charge controller of the alternator dying for some reason. But i wouldn’t quote any of those sites and i can’t find anything close to be called scientific or reliable, just some threads in some random message boards.

@Nitori: Car manufacturers don’t want people to die, even if it’s not explicitly forced by law. Dead people can’t buy cars, dead people don’t need car maintenance and dead peoples relatives will try to get loads of money from you if they think you’re responsible. Injured people or people that have a disability as a result of your failure cost even more than dead people.

For now at least, steering and brakes are never fully drive-by-wire, they are only power assisted (whether by an engine driven pump, an electric pump, vacuum, etc). If all the power assist features fail, the driver is still able to steer and brake the vehicle manually, it just takes more effort. (Potentially much more effort)

I just think it’s weird that RIM still owns both Blackberry and QNX. QNX has the highest share of the operating systems market in automotive electronic control systems. Yet their big security monitor roll-out is at Jaguar-Land Rover (JLR), a company leading the GENIVI Linux effort in the automotive space; in large part against QNX. Which leads me to wonder, what platform their security product is deployed on?

You know what sounds like a better idea than a car anti virus… Maybe get the nsa to certify cars ‘almost nsa proof’. Have 3 tiers ‘ not yet nsa hacked’, ‘hacked but not exploited in the wild’, and ‘epic noob fail’

I’ll be keen to see how they manage to get an ECU in the passenger compartment to communicate wirelessly through a metal firewall with various sensors and actuators in the engine bay or wheel wells (which sit behind more metal).

Many vehicles use wireless tire pressure sensors. That is a possible security issue right there!
Hypothetical Situation:
You’re driving around on the highway and suddenly your car says that the passenger front is low. *beep* *beep* Dangerously low! You pull over immediately.
The car that was 50 feet behind you is slowing down and pulls over. How nice of them, they saw you put on your hazards and pull over they probably have an air compressor and a jack…
Turns out the vehicle behind you wants your money and your car. Someone hops out of the passenger side and demands you drive to the nearest ATM. The driver presses a key on his laptop and the tire pressure light goes from blinking red, to steady green.

There’s no need for the tire pressure warning system to be able to talk to the PCM.
Just have it directly drive it’s own displays it’s just one wire for a light or two or three wires to a small VFD/LCD and give it it’s own diagnostic connector.
Literally $4 in parts to completely eliminate it as a possible exploit to the point Motoko Kusanagi and Lain couldn’t hack the car through it.

Have i been blocked on HaD? Posted here yesterday but still nothing to see (but more recent comments). Typically my comments show up directly or at least with a “your comment is waiting for moderation” or something like this, but this time (and not the first time the last few days/weeks) nothing. However the comment arrived in the system, sending it once more triggered the duplicate-message. This is not normal. What’s going on here?